PDA

View Full Version : Browser Redirector - Log Files



gatrbeight
2011-02-11, 02:01
Please find the files created here. Original Post will be deleted.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Mike at 18:53:04.73 on Thu 02/10/2011
Internet Explorer: 9.0.7930.16406
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2815.1138 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeaserv.exe
C:\Windows\system32\lxeacoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Mike\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eRecoveryService]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl424fa16c;MpKsl424fa16c;c:\programdata\microsoft\microsoft antimalware\definition updates\{30161c5f-96e2-4870-88c0-512734baa8cd}\MpKsl424fa16c.sys [2011-2-10 28752]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-4-29 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2010-5-22 193192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-6 1153368]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-8 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\drivers\olcamudp.sys [2009-11-1 10379]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2011-02-10 21:44:35 -------- d-----w- c:\program files\RegServe
2011-02-10 21:25:15 -------- d-----w- c:\users\mike\appdata\roaming\Safer Networking
2011-02-10 21:15:09 -------- d-----w- c:\program files\Safer Networking
2011-02-10 20:28:18 -------- d-----w- c:\progra~2\FrontLine Registry Cleaner
2011-02-10 20:28:12 -------- d-----w- c:\program files\Frontline Registry Cleaner
2011-02-10 20:19:43 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{30161c5f-96e2-4870-88c0-512734baa8cd}\MpKsl424fa16c.sys
2011-02-10 20:19:31 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{30161c5f-96e2-4870-88c0-512734baa8cd}\mpengine.dll
2011-02-08 19:28:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-08 19:28:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-08 19:09:26 -------- d-----w- c:\windows\en
2011-02-08 19:07:42 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-02-08 19:05:37 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-02-08 19:03:31 -------- d-----w- c:\windows\PCHEALTH
2011-02-08 19:02:22 -------- d-----w- c:\program files\Microsoft
2011-02-08 19:02:17 -------- d-----w- c:\program files\MSN Toolbar
2011-02-08 19:02:05 -------- d-----w- c:\program files\Bing Bar Installer
2011-02-08 19:02:04 469256 ----a-w- c:\program files\common files\windows live\.cache\ab4a69861cbc7c207\InstallManager_WLE_WLE.exe
2011-02-08 19:01:58 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-08 19:01:58 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-08 19:01:57 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-08 19:01:51 15712 ----a-w- c:\program files\common files\windows live\.cache\a500ea461cbc7c206\MeshBetaRemover.exe
2011-02-08 19:01:47 94040 ----a-w- c:\program files\common files\windows live\.cache\a24e9b861cbc7c205\DSETUP.dll
2011-02-08 19:01:47 525656 ----a-w- c:\program files\common files\windows live\.cache\a24e9b861cbc7c205\DXSETUP.exe
2011-02-08 19:01:47 1691480 ----a-w- c:\program files\common files\windows live\.cache\a24e9b861cbc7c205\dsetup32.dll
2011-02-08 19:01:43 94040 ----a-w- c:\program files\common files\windows live\.cache\9f1e91461cbc7c204\DSETUP.dll
2011-02-08 19:01:43 525656 ----a-w- c:\program files\common files\windows live\.cache\9f1e91461cbc7c204\DXSETUP.exe
2011-02-08 19:01:43 1691480 ----a-w- c:\program files\common files\windows live\.cache\9f1e91461cbc7c204\dsetup32.dll
2011-02-08 19:01:04 -------- d-----w- c:\users\mike\appdata\local\Windows Live
2011-02-08 18:59:47 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-08 18:59:47 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-08 18:56:59 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-02-08 18:56:43 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-08 18:56:42 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-08 18:13:59 94208 ----a-w- c:\program files\internet explorer\en\iediag.resources.dll
2011-02-08 18:12:32 -------- d-----w- c:\program files\Feedback Tool
2011-02-07 16:06:11 -------- d-----w- c:\users\mike\appdata\local\Threat Expert
2011-02-07 16:02:59 -------- d-----w- c:\program files\common files\PC Tools
2011-02-07 16:01:38 -------- d-----w- c:\progra~2\PC Tools
2011-02-06 19:23:38 -------- d-----w- c:\users\mike\appdata\local\Microsoft Corporation
2011-02-06 19:16:54 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-02-06 19:16:12 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{2099e4d1-2346-466a-ab73-bfc1be76e7f2}\gapaengine.dll
2011-02-06 19:10:19 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-06 19:09:58 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-06 13:28:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-06 13:28:35 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-04 16:32:09 -------- d-----w- c:\program files\common files\AnswerWorks 5.0
2011-02-04 16:32:07 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2011-02-04 16:32:07 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2011-02-04 16:32:07 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2011-02-04 16:32:07 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2011-02-04 16:32:07 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2011-02-04 16:32:06 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2011-02-04 16:32:06 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2011-02-04 16:30:59 -------- d-----w- c:\users\mike\appdata\roaming\Intuit
2011-02-04 16:30:59 -------- d-----w- c:\program files\Quicken
2011-02-04 07:12:21 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{7846b0ca-faa4-4080-8c0e-aa9acd90f460}\mpengine.dll
2011-02-03 20:20:08 -------- d-----w- c:\users\mike\appdata\roaming\Malwarebytes
2011-02-03 20:20:00 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-03 20:19:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 15:36:05 -------- d-----w- c:\users\mike\appdata\roaming\Tific
2011-02-03 15:25:08 -------- d-----w- c:\program files\Trend Micro
2011-01-30 20:35:06 -------- d-----w- c:\program files\HRBlock2010
2011-01-30 18:02:02 -------- d-----w- c:\users\mike\appdata\roaming\MozillaControl
2011-01-30 18:01:50 -------- d-----w- c:\progra~2\Wolters Kluwer
2011-01-30 18:01:11 -------- d-----w- c:\program files\H&R Block Business 2010
2011-01-30 17:49:17 -------- d-----w- c:\users\mike\appdata\local\Intuit_Inc
2011-01-12 03:47:18 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-12 03:47:18 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-12 03:47:18 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 03:47:18 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-12 03:47:18 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-12 03:47:18 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-12 03:47:16 1169408 ----a-w- c:\windows\system32\sdclt.exe

==================== Find3M ====================

2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 18:53:42.65 ===============

Blade81
2011-02-14, 13:19
Hi,

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode

On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer


Update MBAM and run a full scan with it. Post back the report + fresh dds logs. Also, please describe redirect issue a bit.

Blade81
2011-02-21, 18:28
Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.